<?php
/**
 * 需要RBAC检测的action
  * PHP version 5
 * @package   Antonia
 * @author    Antonia <471699715@qq.com>
 * @copyright 2016 Antonia.
 */
namespace Admin\Controller;
use Think\Controller;
class AdmincommonController extends Controller {

    /**
     * 安全过滤
     * @param HttpRequest $request
     * @author Antonia
     */
    function _initialize() {
        if(!empty($_POST["PHPSESSID"])) {
            $_SESSION [C('USER_AUTH_KEY')] = $_POST["PHPSESSID"];
        }
        
        if (!$_SESSION [C('USER_AUTH_KEY')]) {
            echo "<script>window.location.href='". __APP__ . "/Admin/Public/login';</script>";
            exit;
        }
        /*权限过滤*/
        $privilegelist = self::getPrivilegeAction();
        $controller = CONTROLLER_NAME;
        $fun = ACTION_NAME;
                // dump($controller);die;

        $authActions = $this->getAuthActons($controller);
        if(!empty($authActions)){
            if(in_array($fun, $authActions) && !in_array($fun, $privilegelist)) {
                $re = array();
                $re['statusCode'] = "300";
                $re['message'] = "对不起，您没有权限进入";
                echo json_encode($re);
                exit;
            }
        }
        $this->assign('privilegelist', $privilegelist);
    }

    /**
     * 取得当前权限下可执行action
     * @return array $action
     * @author Antonia
     */
    public function getPrivilegeAction () {
        $controller = CONTROLLER_NAME;
        if(empty($_SESSION['controllerauth'][$controller])) {
            $Auths = D("Auths");

            $adminAuths = $Auths->getAdminAuths();

            $_SESSION['controllerauth'][$controller] = $adminAuths[$controller];
            return $adminAuths[$controller];
        } else {
            return $_SESSION['controllerauth'][$controller];
        }
        
    }

    /**
     * 取得当前控制器下需要权限过滤的action
     * @return array $action
     * @author Antonia
     */
    public function getAuthActons($controller) {
        if(empty($_SESSION['authActons'][$controller])) {
            $actionlist = D("Auths")->where("controller='".$controller."'")
                                    ->field("action")
                                    ->select();
            $action = array();
            foreach ($actionlist as $a) {
                $action[] = $a["action"];
            }
            $_SESSION['authActons'][$controller] = $action;
            return $action;
        } else {
            return $_SESSION['authActons'][$controller];
        }
    }


    /**
     * 构造统一返回方法
     * @param HttpRequest $request
     * @return json
     * @author Antonia
     */
    public function ajaxReturn($data,$info, $status) {
        $obj = new  \stdClass();
        $obj->status = $status;
        $obj->info = $info;
        $obj->data = $data;
        echo json_encode($obj);
        exit;
    }

    public function getImgUrl($key,$conf="?") {
        if(empty($key)) {
            return '';
        }
        return "http://".$_SERVER["HTTP_HOST"].APP_DEPLOY_NAME."/Public/Uploads/".$key;
    }

    /**
     * 文件上传
     * @param HttpRequest $request
     * @return json string
     * @author Antonia
     */
    protected function _upload() {
        $upload = new \Think\Upload();
        $upload->maxSize  = 0;
        $upload->exts     = array('jpg', 'gif', 'png', 'jpeg', 'amr');
        $upload->savePath = 'Public/Uploads/';
        $upload->saveName = array('uniqid','');
        $upload->autoSub  = true;
        $upload->subName  = array('date','Ymd');
        $info   =   $upload->upload();
        if(!$info) {
            $re['statusCode'] = "300";
            $re['message'] = $upload->getError();
            echo json_encode($re);
            exit;
        } else {
            return $info;
        }
    }

}
?>